Add Administrative interface to control access on a per app basis to the more sensitive API endpoints. For instance, requesting user access permissions through the API returns sensitive info for all the applications the user has access to, this should only be allowed if the client has been whitelisted for such actions.